CVE-2026-24872

creationtimestamp| type| source ---|---|--- 2026-01-27 16:30:58+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdg6myo4gi2v 2026-01-27 20:04:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mdgkkjw5262n...

CVE-2025-24872

The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain unauthorized access to a specific transaction. By executing the add-on build functionality within the ABAP Build Framework, an attacker could call the transaction and view its details. This has a limited impact...

CVE-2025-24872 Missing Authorization check in SAP ABAP Platform (ABAP Build Framework)

The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain unauthorized access to a specific transaction. By executing the add-on build functionality within the ABAP Build Framework, an attacker could call the transaction and view its details. This has a limited impact...

CVE-2024-11568 IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page...

CVE-2024-11568

CVE-2024-11568 affects IrfanView, where the DXF file parser is vulnerable to an out-of-bounds read. The fault stems from insufficient validation of user-supplied data during DXF parsing, which can cause a read past the end of an allocated buffer and enable remote code execution in the context of ...

CVE-2024-11568 IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page...

CVE-2024-24872

creationtimestamp| type| source ---|---|--- 2024-02-21 08:32:00+00:00| seen| https://t.me/ctinow/189329 2024-02-22 03:25:43+00:00| seen| https://t.me/arpsyndicate/3881...

CVE-2024-24872

Cross-Site Request Forgery CSRF vulnerability in Themify Themify Builder.This issue affects Themify Builder: from n/a through 7.0.5...

CVE-2024-24872

Cross-Site Request Forgery CSRF vulnerability in Themify Themify Builder.This issue affects Themify Builder: from n/a through 7.0.5...

CVE-2024-24872 WordPress Themify Builder Plugin <= 7.0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Themify Themify Builder.This issue affects Themify Builder: from n/a through 7.0.5...

CVE-2024-24872

CVE-2024-24872 affects the WordPress plugin Themify Builder up to version 7.0.5, with a Cross-Site Request Forgery (CSRF) vulnerability in the builder workflow. The issue can enable unauthorized actions on an authenticated user’s session. The CVE is mitigated by upgrading to Themify Builder 7.0.6...

WordPress Themify Builder Plugin <= 7.0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Themify Builder Type Plugin Vulnerable versions = 7.0.5 Fixed in 7.0.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-24872 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID efd15afc948b Credits Dhabaleshwar Das...

CVE-2020-24872

creationtimestamp| type| source ---|---|--- 2023-08-11 18:16:40+00:00| seen| https://t.me/cibsecurity/68340...

CVE-2020-24872

CVE-2020-24872 is a cross-site scripting vulnerability in Lepton-CMS 4.7.0, stemming from lack of proper filtering/escaping in backend/pages/modify.php. The issue allows remote attackers to inject and execute arbitrary web scripts or HTML when a user views or submits crafted data, with the CVSS i...

CVE-2023-24872

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability...

CVE-2023-24872

CVE-2023-24872 affects the Microsoft PostScript and PCL6 Class Printer Driver. The entry documents a Remote Code Execution vulnerability with high severity (CVSS 3.1: AV=N/AC=L/PR=L/UI=N/S=U/C=H/I=H/A=H). Concrete technical details (affected product/version, root cause, exploit status, or fixes) ...

CVE-2022-24872

creationtimestamp| type| source ---|---|--- 2022-04-21 00:25:56+00:00| seen| https://t.me/cibsecurity/41201...

CVE-2022-24872

Shopware CVE-2022-24872 is an improper access‑control issue in the admin-api where permissions set to the sales channel context can be used within a normal user session. Affects Shopware platform (Symfony/Vue) across affected releases; remediation is to update to version 6.4.10.1. For 6.1–6.3, se...

CVE-2022-24872 Improper Access Control in shopware

Shopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to sales channel context by admin-api are still usable within normal user session. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security...

CVE-2021-24872

creationtimestamp| type| source ---|---|--- 2021-12-13 14:22:06+00:00| seen| https://t.me/cibsecurity/33800...